Context Navigation

source: github/program/include/rcube_session.php @ 5228a55

Visit:

Last change on this file since 5228a55 was 5228a55, checked in by alecpl <alec@…>, 2 years ago
Applied fixes from trunk
Property mode set to `100644`
File size: 8.3 KB

Line
1	<?php
2
3	/*
4	+-----------------------------------------------------------------------+
5	\| program/include/rcube_session.php \|
6	\| \|
7	\| This file is part of the Roundcube Webmail client \|
8	\| Copyright (C) 2005-2010, Roundcube Dev. - Switzerland \|
9	\| Licensed under the GNU GPL \|
10	\| \|
11	\| PURPOSE: \|
12	\| Provide database supported session management \|
13	\| \|
14	+-----------------------------------------------------------------------+
15	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
16	\| Author: Aleksander Machniak <alec@alec.pl> \|
17	+-----------------------------------------------------------------------+
18
19	$Id: session.inc 2932 2009-09-07 12:51:21Z alec $
20
21	*/
22
23	/**
24	* Class to provide database supported session storage
25	*
26	* @package Core
27	* @author Thomas Bruederli <roundcube@gmail.com>
28	* @author Aleksander Machniak <alec@alec.pl>
29	*/
30	class rcube_session
31	{
32	private $db;
33	private $ip;
34	private $changed;
35	private $unsets = array();
36	private $gc_handlers = array();
37	private $start;
38	private $vars = false;
39	private $key;
40	private $keep_alive = 0;
41
42	/**
43	* Default constructor
44	*/
45	public function __construct($db, $lifetime=60)
46	{
47	$this->db = $db;
48	$this->lifetime = $lifetime;
49	$this->start = microtime(true);
50
51	// set custom functions for PHP session management
52	session_set_save_handler(
53	array($this, 'open'),
54	array($this, 'close'),
55	array($this, 'read'),
56	array($this, 'write'),
57	array($this, 'destroy'),
58	array($this, 'gc'));
59	}
60
61
62	public function open($save_path, $session_name)
63	{
64	return true;
65	}
66
67
68	public function close()
69	{
70	return true;
71	}
72
73
74	// read session data
75	public function read($key)
76	{
77	$sql_result = $this->db->query(
78	sprintf("SELECT vars, ip, %s AS changed FROM %s WHERE sess_id = ?",
79	$this->db->unixtimestamp('changed'), get_table_name('session')),
80	$key);
81
82	if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
83	$this->changed = $sql_arr['changed'];
84	$this->ip = $sql_arr['ip'];
85	$this->vars = base64_decode($sql_arr['vars']);
86	$this->key = $key;
87
88	if (!empty($this->vars))
89	return $this->vars;
90	}
91
92	return false;
93	}
94
95
96	// save session data
97	public function write($key, $vars)
98	{
99	$ts = microtime(true);
100	$now = $this->db->fromunixtime((int)$ts);
101
102	// use internal data from read() for fast requests (up to 0.5 sec.)
103	if ($key == $this->key && $ts - $this->start < 0.5) {
104	$oldvars = $this->vars;
105	} else { // else read data again from DB
106	$oldvars = $this->read($key);
107	}
108
109	if ($oldvars !== false) {
110	$a_oldvars = $this->unserialize($oldvars);
111	if (is_array($a_oldvars)) {
112	foreach ((array)$this->unsets as $k)
113	unset($a_oldvars[$k]);
114
115	$newvars = $this->serialize(array_merge(
116	(array)$a_oldvars, (array)$this->unserialize($vars)));
117	}
118	else
119	$newvars = $vars;
120
121	if (!$this->lifetime) {
122	$timeout = 600;
123	}
124	else if ($this->keep_alive>0) {
125	$timeout = min($this->lifetime * 0.5, $this->lifetime - $this->keep_alive);
126	} else {
127	$timeout = 0;
128	}
129
130	if (!($newvars === $oldvars) \|\| ($ts - $this->changed > $timeout)) {
131	$this->db->query(
132	sprintf("UPDATE %s SET vars = ?, changed = %s WHERE sess_id = ?",
133	get_table_name('session'), $now),
134	base64_encode($newvars), $key);
135	}
136	}
137	else {
138	$this->db->query(
139	sprintf("INSERT INTO %s (sess_id, vars, ip, created, changed) ".
140	"VALUES (?, ?, ?, %s, %s)",
141	get_table_name('session'), $now, $now),
142	$key, base64_encode($vars), (string)$_SERVER['REMOTE_ADDR']);
143	}
144
145	$this->unsets = array();
146	return true;
147	}
148
149
150	// handler for session_destroy()
151	public function destroy($key)
152	{
153	$this->db->query(
154	sprintf("DELETE FROM %s WHERE sess_id = ?", get_table_name('session')),
155	$key);
156
157	if ($key == $this->key)
158	$this->vars = false;
159	return true;
160	}
161
162
163	// garbage collecting function
164	public function gc($maxlifetime)
165	{
166	// just delete all expired sessions
167	$this->db->query(
168	sprintf("DELETE FROM %s WHERE changed < %s",
169	get_table_name('session'), $this->db->fromunixtime(time() - $maxlifetime)));
170
171	foreach ($this->gc_handlers as $fct)
172	$fct();
173
174	return true;
175	}
176
177
178	// registering additional garbage collector functions
179	public function register_gc_handler($func_name)
180	{
181	if ($func_name && !in_array($func_name, $this->gc_handlers))
182	$this->gc_handlers[] = $func_name;
183	}
184
185
186	public function regenerate_id($destroy=true)
187	{
188	session_regenerate_id($destroy);
189
190	$this->vars = false;
191	$this->key = session_id();
192	return true;
193	}
194
195
196	// unset session variable
197	public function remove($var=NULL)
198	{
199	if (empty($var))
200	return $this->destroy(session_id());
201
202	$this->unsets[] = $var;
203	unset($_SESSION[$var]);
204
205	return true;
206	}
207
208
209	// serialize session data
210	private function serialize($vars)
211	{
212	$data = '';
213	if (is_array($vars))
214	foreach ($vars as $var=>$value)
215	$data .= $var.'\|'.serialize($value);
216	else
217	$data = 'b:0;';
218	return $data;
219	}
220
221
222	// unserialize session data
223	// http://www.php.net/manual/en/function.session-decode.php#56106
224	private function unserialize($str)
225	{
226	$str = (string)$str;
227	$endptr = strlen($str);
228	$p = 0;
229
230	$serialized = '';
231	$items = 0;
232	$level = 0;
233
234	while ($p < $endptr) {
235	$q = $p;
236	while ($str[$q] != '\|')
237	if (++$q >= $endptr) break 2;
238
239	if ($str[$p] == '!') {
240	$p++;
241	$has_value = false;
242	} else {
243	$has_value = true;
244	}
245
246	$name = substr($str, $p, $q - $p);
247	$q++;
248
249	$serialized .= 's:' . strlen($name) . ':"' . $name . '";';
250
251	if ($has_value) {
252	for (;;) {
253	$p = $q;
254	switch (strtolower($str[$q])) {
255	case 'n': /* null */
256	case 'b': /* boolean */
257	case 'i': /* integer */
258	case 'd': /* decimal */
259	do $q++;
260	while ( ($q < $endptr) && ($str[$q] != ';') );
261	$q++;
262	$serialized .= substr($str, $p, $q - $p);
263	if ($level == 0) break 2;
264	break;
265	case 'r': /* reference */
266	$q+= 2;
267	for ($id = ''; ($q < $endptr) && ($str[$q] != ';'); $q++) $id .= $str[$q];
268	$q++;
269	$serialized .= 'R:' . ($id + 1) . ';'; /* increment pointer because of outer array */
270	if ($level == 0) break 2;
271	break;
272	case 's': /* string */
273	$q+=2;
274	for ($length=''; ($q < $endptr) && ($str[$q] != ':'); $q++) $length .= $str[$q];
275	$q+=2;
276	$q+= (int)$length + 2;
277	$serialized .= substr($str, $p, $q - $p);
278	if ($level == 0) break 2;
279	break;
280	case 'a': /* array */
281	case 'o': /* object */
282	do $q++;
283	while ( ($q < $endptr) && ($str[$q] != '{') );
284	$q++;
285	$level++;
286	$serialized .= substr($str, $p, $q - $p);
287	break;
288	case '}': /* end of array\|object */
289	$q++;
290	$serialized .= substr($str, $p, $q - $p);
291	if (--$level == 0) break 2;
292	break;
293	default:
294	return false;
295	}
296	}
297	} else {
298	$serialized .= 'N;';
299	$q += 2;
300	}
301	$items++;
302	$p = $q;
303	}
304
305	return unserialize( 'a:' . $items . ':{' . $serialized . '}' );
306	}
307
308	public function set_keep_alive($keep_alive)
309	{
310	$this->keep_alive = $keep_alive;
311	}
312
313	public function get_keep_alive()
314	{
315	return $this->keep_alive;
316	}
317
318	// getter for private variables
319	public function get_ts()
320	{
321	return $this->changed;
322	}
323
324	// getter for private variables
325	public function get_ip()
326	{
327	return $this->ip;
328	}
329
330	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: